Blockchain technology provides a subversive data storage, dissemination and management mechanism, and has become a new hotspot of global scientific, technological and economic development. In October 2019, when general secretary Xi Jinping presided over the eighteenth collective learning of the Politburo of the CPC Central Committee, he stressed: “we should regard the block chain as an important breakthrough in core technology independent innovation” and “strengthen the research and analysis of the risk of the block chain”. By establishing the underlying architecture and platform of the blockchain, the blockchain infrastructure provides the underlying core capabilities, resources and services of the blockchain such as storage, transmission, computing, development and testing necessary for the implementation of blockchain technology, industry and applications, and effectively cleans up the obstacles that must be solved in the process of blockchain implementation, such as insufficient underlying performance of the blockchain and high development technology threshold. The construction of safety risk assessment and safety guarantee capacity not only responds to the spirit of general secretary Xi Jinping’s speech, but also provides a necessary, safe and reliable basic capability for the application of block chains.

Blockchain infrastructure security is imperative

In recent years, the government and industry have closely launched blockchain infrastructure construction projects to strengthen the construction of blockchain infrastructure capacity. Since 2018, EU countries have cooperated to build European blockchain service infrastructure (EBSi); As blockchain infrastructure service providers, industry giants represented by Microsoft, IBM, Amazon and Alibaba cloud have successively launched blockchain as a service (baas), an emerging blockchain infrastructure service. It is predicted that the total global market value of baas will reach US $30.59 billion by 2024; In 2019, planned by the National Information Center, the blockchain service network (BSN) jointly developed by China Mobile, China UnionPay and other parties began public beta, aiming to provide a national blockchain service infrastructure platform. Blockchain infrastructure can provide bottom-level capabilities, resources and services that meet multiple performance requirements such as computing power, bandwidth, energy consumption, storage, delay and throughput for the implementation of upper level applications. Accelerating its capacity-building is the key to the successful implementation of “blockchain +” services in major industries related to the national economy and the people’s livelihood, such as communication, retail, banking, trade and government, It is also an inevitable need to promote the development of the blockchain industry.

How to deal with the security risks of blockchain infrastructure

As the core hub of carrying various blockchain applications on the upper and connecting network infrastructure on the lower, the threats faced by blockchain infrastructure, such as vulnerability utilization and DDoS attacks, will have a point-to-point and area security impact on its blockchain applications, user data and even the whole blockchain ecology. Therefore, strengthening the security capacity-building of blockchain infrastructure has become an indispensable link in building a safe, healthy and reliable blockchain ecology. At present, relevant work has been preliminarily carried out at home and abroad, and the safety system still needs to be further improved. The EU launched a research project in 2017 to assess the potential of blockchain infrastructure to cover the whole EU, including the assessment of security mechanism; The communication industry standards association has also carried out the development of a series of standards for blockchain infrastructure security.

Blockchain infrastructure faces a variety of security risks

Blockchain infrastructure integrates traditional and new technologies such as cryptographic protocol mechanism, P2P network protocol, consensus mechanism and smart contract. It is not only facing more and more severe security risks of traditional mechanisms due to security characteristics, but also facing new security risks brought by the core mechanism of blockchain.

1. Traditional mechanism security risk

Node device security risks: including security risks from network nodes, storage devices and their environment. For example, there may be security vulnerabilities in leveldb, redis and other databases that are not repaired in time, resulting in unauthorized access and intrusion to network nodes and storage devices.

Traditional network security risks: including DDoS attack, virus Trojan horse attack, DNS pollution, route broadcast hijacking and other traditional network security risks.

2. Security risk of blockchain core mechanism

P2P network security risk: facing the network security risk caused by node failure, network connection fracture and internal malicious nodes, resulting in data inconsistency, denial of service, node isolation, etc. For example, the eclipse attack that can be used to attack bitcoin and Ethereum P2P protocol monopolizes all the connections with the attack target nodes, so that the attack target can only receive the selectively forwarded information from the attacker, so as to control the consensus resources such as the examples of the attack target.

Security risk of consensus mechanism: internal and external attackers can take advantage of the vulnerability of the consensus mechanism, such as its own design vulnerability, node failure or link fracture, false identity, etc., to destroy the consistency, reliability and availability of the consensus mechanism, resulting in the failure of consensus convergence, long convergence time beyond the available range, record bifurcation, etc. When the attacker’s computing power or proportion reaches a certain level, it can carry out computing power attack, bifurcation attack and other attack means to control the consensus process and results.

Smart contract security risks: faced with risks from smart contract operating environment vulnerabilities and smart contract’s own code and logic vulnerabilities, including contract programming solid security vulnerabilities, compiler errors, Ethereum virtual machine errors, etc., attackers can exploit and utilize logic vulnerabilities and code vulnerabilities in smart contracts to implement operations that do not comply with smart contract agreements.

Security risk of cryptographic mechanism: the inherent security risk of cryptographic mechanism still exists in the blockchain system, including key distribution management risk, cryptographic algorithm design backdoor and development vulnerability. In addition, with the rapid development of quantum computing technology, it may be possible to solve the difficult problems such as large number factorization in asymmetric cryptographic algorithms in seconds, which will destroy the security of encryption algorithms and become a potential security threat to cryptographic mechanisms.

Ensure the security of blockchain infrastructure

In view of the traditional and new security risks faced by the blockchain infrastructure system platform, on the one hand, it is necessary to deploy and combine the traditional security mechanism to carry out effective protection detection from before to after; On the other hand, it is also necessary to adopt unique security countermeasures according to the core technology of blockchain infrastructure.

P2P networking security: core node redundancy configuration shall be adopted to ensure service availability in case of network disconnection; Real time feedback of network topology connection of the whole network through heartbeat connection, timely detect and deal with node failure, node abnormality, attack and intrusion, etc; The synchronization mechanism should ensure that after the node is disconnected and reconnected, it can achieve state consistency with other nodes, and can timely detect the attacker’s monopoly connection.

Security protection of consensus mechanism: the consensus protocol should have fault tolerance, that is, it can tolerate non malicious node disconnection and network partition caused by a certain range of node physical or network faults, and it should also resist collusion attack, witch attack and other malicious attacks.

Security of password mechanism: the password mechanism shall comply with the requirements of relevant countries. Effective code confusion shall be carried out in the process of password implementation to ensure that the attacker cannot extract the core password algorithm and key information.

Smart contract security: provide smart contract development specifications in terms of operation security, interface security and security configuration, as well as necessary code security checks, including smart contract baseline security detection, framework security detection, etc.

Traditional encryption authentication mechanism: design and implement traditional encryption authentication mechanisms such as identity authentication, access control, data security management and key management in core business access and network access, so as to prevent and mitigate the risks of malicious nodes, unauthorized access and data leakage.

Traditional intrusion prevention and detection mechanism: through the deployment of resource monitoring, intrusion detection and other prevention mechanisms, monitor and analyze the use of network resources and network operation, so as to realize the effective detection and linkage disposal of intrusion attacks such as malicious nodes and DDoS.

Physical environment and management security: including the security protection of the physical environment where the blockchain infrastructure is located in terms of computer room location, power supply, prevention of external disasters, etc., and formulating and implementing management systems such as management system, personnel management, disaster recovery plan, etc.

Responsible editor: CT

Leave a Reply

Your email address will not be published. Required fields are marked *